package com.zkhz.base.security.config;

import lombok.Data;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;

/**
 * @Description 认证模块相关配置
 *
 * @author wuzeqin
 * @date 2020/5/29
 **/
@Data
@ConfigurationProperties(prefix = "system.security")
public class SystemSecurityProperties implements InitializingBean {

    private static SystemSecurityProperties INSTANCE;

    private String clientId = "system";

    /**
     * 失败多少次会被锁住，大于0才有效，否则不锁
     */
    private int failNumToLock = -1;

    /**
     * 锁定时长（分钟）
     */
    private int lockMinutes = 30;

    /**
     * WebSecurity 白名单，即不走spring security的资源，一般是静态资源。
     */
    private String[] webPermitUrls = new String[0];

    /**
     * HttpSecurity 白名单。一般是允许匿名访问的资源，比如登录、登出、错误信息等。
     * 与webPermitUrls不同，虽然都可以直接访问，但HttpSecurity白名单是走了spring security拦截器链的，
     * 拦截器链会多一些处理，比如跨域处理。
     */
    private String[] httpPermitUrls = new String[0];

    private Jwt jwt = new Jwt();

    @Override
    public void afterPropertiesSet() {
        INSTANCE = this;
    }

    public static SystemSecurityProperties getInstance() {
        if (INSTANCE == null) {
            throw new RuntimeException("SystemSecurityConfig is null");
        }
        return INSTANCE;
    }

    @Data
    public static class Jwt {

        private String signingKey = "system-jwt-default";

        private String[] urls = new String[]{"/**"};  //走jwt认证的资源, antMatcher模式

        private int accessTokenValidityHours = -1;  //token存活时长。单位小时，默认12小时，<=0 则取默认

        private int refreshTokenValidityDays = -1;  //刷新token存活时长。单位天，默认30天，<=0 则取默认
    }

}
